Sync release-ash-2501 with main

Sync release-ash-2501 with main

Author: sethmanheim

AKS-Hybrid/add-ons.md

@@ -54,7 +54,7 @@ The following table shows examples of open-source and third-party integrations:
 |-------------------------|-----------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | [Helm](https://helm.sh/)         | An open-source packaging tool that helps you install and manage the lifecycle of Kubernetes applications. | [Quickstart: Develop on Azure Kubernetes Service (AKS) with Helm](/azure/aks/quickstart-helm)                                                                                                     |
 | [Istio](https://istio.io/)        | An open-source service mesh.                                                                              | [Istio installation guides](https://istio.io/latest/docs/setup/install/)                                                                                                                                        |
-| [Linkerd](https://linkerd.io/)      | An open-source service mesh.                                                                              | [Linkerd getting started](https://linkerd.io/getting-started/)                                                                                                                                             |
+| [Linkerd](https://linkerd.io/)      | An open-source service mesh.                                                                              | [Linkerd getting started](https://linkerd.io/2.16/getting-started/)                                                                                                                                             |
 
 ## Next steps
 

AKS-Hybrid/aks-edge-howto-deploy-azure-iot.md

@@ -21,10 +21,9 @@ To run the script, you need the following prerequisites:
 
 - An Azure subscription with either the **Owner** role or a combination of **Contributor** and **User Access Administrator** roles. You can check your access level by navigating to your subscription, selecting **Access control (IAM)** on the left-hand side of the Azure portal, and then selecting **View my access**. If you don't have an Azure subscription, [create one for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
 - Azure CLI version 2.64.0 or newer installed on your development machine. Use `az --version` to check your version and `az upgrade` to update if necessary. For more information, see [How to install the Azure CLI](/cli/azure/install-azure-cli).
-- Install the latest version of the following extensions for Azure CLI:
+- Install the latest version of the **connectedk8s** extensions for Azure CLI:
 
    ```bash
-   az extension add --upgrade --name azure-iot-ops
    az extension add --upgrade --name connectedk8s 
    ```
 
@@ -70,7 +69,7 @@ To run the quickstart script, perform the following steps:
    |---------|---------|
    |SUBSCRIPTION_ID     |      The ID of your Azure subscription. If you don't know your subscription ID, see [Find your Azure subscription](/azure/azure-portal/get-subscription-tenant-id#find-your-azure-subscription).   |
    |TENANT_ID  |    The ID of your Microsoft Entra tenant. If you don't know your tenant ID, see [Find your Microsoft Entra tenant](/azure/azure-portal/get-subscription-tenant-id#find-your-microsoft-entra-tenant).     |
-   |RESOURCE_GROUP_NAME     |   The name of an existing resource group or a name for a new resource group to be created.      |
+   |RESOURCE_GROUP_NAME     |   The name of an existing resource group or a name for a new resource group to be created. Only one Azure IoT Operations instance is supported per resource group.     |
    |LOCATION     |      An Azure region close to you. For the list of Azure IoT Operations's supported Azure regions, see [Supported regions](/azure/iot-operations/overview-iot-operations#supported-regions).   |
    |CLUSTER_NAME     |    A name for the new cluster to be created.     |
    |ARC_APP_OBJECT_ID     |  The object ID value that you retrieved in step 2.       |
@@ -88,12 +87,6 @@ To run the quickstart script, perform the following steps:
 
 ## Verify your cluster
 
-To verify that your cluster is ready for Azure IoT Operations deployment, you can use the [verify-host](/cli/azure/iot/ops#az-iot-ops-verify-host) helper command in the Azure IoT Operations extension for Azure CLI. When you run this command on the cluster host, it checks connectivity to Azure Resource Manager and Microsoft Container Registry endpoints:
-
-```azurecli
-az iot ops verify-host
-```
-
 To verify that your Kubernetes cluster is Azure Arc-enabled, run the following command:
 
 ```bash

AKS-Hybrid/software-defined-networking.md

@@ -177,7 +177,6 @@ Next, you can [create workload clusters][] and [deploy your applications][]. All
 [Plan a Software Defined Network infrastructure]: /azure-stack/hci/concepts/plan-software-defined-networking-infrastructure
 [SDN Express]: /azure-stack/hci/manage/sdn-express
 [Windows Admin Center]: /azure-stack/hci/deploy/sdn-wizard
-[Software Load Balancer.psd1]: https://github.com/microsoft/SDN/blob/master/SDNExpress/scripts/Sample%20-%20Software%20Load%20Balancer.psd1
 [Troubleshooting SDN]: /windows-server/networking/sdn/troubleshoot/troubleshoot-software-defined-networking
 [how to create and attach VMs to an SDN virtual network]: /azure-stack/hci/manage/vm
 [New-AksHciNetworkSetting]: reference/ps/new-akshcinetworksetting.md

azure-managed-lustre/TOC.yml

@@ -38,6 +38,8 @@
   items:
     - name: Configure root squash settings
       href: root-squash-configure-settings.md
+    - name: Set and configure Lustre quotas
+      href: lustre-quotas.md
 - name: Security
   items:
     - name: Configure a network security group

azure-managed-lustre/amlfs-overview.md

@@ -1,10 +1,10 @@
 ---
 title: What is Azure Managed Lustre?
-description: Use Azure Managed Lustre to quickly create an Azure-based Lustre file system to use in cloud-based high-performance computing jobs.
+description: Use Azure Managed Lustre to quickly create an Azure-based Lustre file system for cloud-based high-performance computing jobs.
 ms.topic: overview
 author: pauljewellmsft
 ms.author: pauljewell
-ms.date: 05/14/2024
+ms.date: 11/11/2024
 ms.reviewer: mayabishop
 ms.custom: references_regions
 
@@ -15,7 +15,7 @@ ms.custom: references_regions
 
 # What is Azure Managed Lustre?
 
-The Azure Managed Lustre service gives you the capability to quickly create an Azure-based Lustre file system to use in cloud-based high-performance computing jobs.
+The Azure Managed Lustre service gives you the capability to quickly create an Azure-based Lustre file system for cloud-based high-performance computing jobs.
 
 Lustre is an open-source parallel file system that can scale to massive storage sizes while also providing high performance throughput. Lustre is used by the world's fastest supercomputers and in data-centric workflows for many types of industries. For more information, see [https://www.lustre.org](https://www.lustre.org).
 
@@ -38,7 +38,7 @@ All information in an Azure Managed Lustre file system also is protected by VM h
 
 Your Azure Managed Lustre file system uses Azure managed disks as object storage target (OST) data disks.
 
-All Azure Managed Lustre file systems that are created as a "durable" file system type use Azure Premium SSD (solid state drive) disks configured as locally redundant storage (LRS). LRS disk contents are replicated three times within the local datacenter to protect against drive and server rack failures.
+All Azure Managed Lustre file systems that are created as a "durable" file system type use Azure Premium SSD (solid state drive) disks configured as locally redundant storage (LRS). LRS disk contents are replicated three times within the local data center to protect against drive and server rack failures.
 
 The Azure Managed Lustre file system itself also contributes to data resilience through the object storage processes it uses to store data on these disks.
 

azure-managed-lustre/amlfs-prerequisites.md

@@ -1,6 +1,6 @@
 ---
 title: Prerequisites for Azure Managed Lustre file systems
-description: Network and storage prerequisites to complete before you create an Azure Managed Lustre file system.
+description: Learn about network and storage prerequisites to complete before you create an Azure Managed Lustre file system.
 ms.topic: overview
 ms.date: 05/14/2024
 author: pauljewellmsft

azure-managed-lustre/amlfs-region-recovery.md

@@ -1,10 +1,10 @@
 ---
 title: Regional redundancy and failover recovery with Azure Managed Lustre
-description: Techniques to provide failover capabilities for disaster recovery with Azure Managed Lustre 
+description: Understand techniques to provide failover capabilities for disaster recovery with Azure Managed Lustre 
 author: pauljewellmsft
 ms.author: pauljewell
 ms.topic: conceptual
-ms.date: 05/08/2023
+ms.date: 11/11/2024
 ---
 
 # Use multiple clusters for regional failover recovery
@@ -16,10 +16,9 @@ This article describes a strategy to reduce the risk of work disruption by using
 As your workflow proceeds in your primary region, you must manually save data in the blob storage outside of the region. If the cluster region becomes unavailable, you can create another Azure Managed Lustre instance in a secondary region, connect to the same storage, and resume work from the new cluster.
 
 > [!NOTE]
-> This failover plan does not cover a complete outage in a storage account's region. 
+> This failover plan doesn't cover a complete outage in a storage account's region.
 >
-> Managed Lustre does support locally redundant storage (LRS), zone-redundant storage (ZRS), geo-redundant storage (GRS), read-access-geo-redundant storage (RAGRS), geo-zone-redundant storage (GZRS), and read-access-geo-zone-redundant storage (RA-GZRS).
-
+> Azure Managed Lustre supports locally redundant storage (LRS), zone-redundant storage (ZRS), geo-redundant storage (GRS), read-access-geo-redundant storage (RAGRS), geo-zone-redundant storage (GZRS), and read-access-geo-zone-redundant storage (RA-GZRS).
 
 ## Planning for regional failover
 

azure-managed-lustre/automount-clients-fstab.md

@@ -4,8 +4,7 @@ description: Describes how to automount Lustre clients using fstab.
 ms.topic: how-to
 author: pauljewellmsft
 ms.author: pauljewell
-ms.date: 07/26/2023
-ms.lastreviewed: 07/26/2023
+ms.date: 11/11/2024
 ms.reviewer: dsundarraj
 
 ---
@@ -37,6 +36,7 @@ To update the **/etc/fstab** file in your Lustre client VM:
 ```bash
 <MGS IP Address>@tcp:/lustrefs </mount_point> lustre defaults,noatime,flock,_netdev,x-systemd.automount,x-systemd.requires=network.service 0 0
 ```
+
 > [!NOTE]
 > You can copy the example and input the appropriate MGS IP address and mount point for a functional default setup.
 
@@ -72,4 +72,3 @@ Your Lustre client VM is now configured to mount AMLFS whenever it restarts.
 In some cases, your Lustre client VM might need to start regardless of the status of your mounted AMLFS file system. In these cases, add the nofail option to your file system's entry in your /etc/fstab file.
 
 The fields in the line of code that you added to the /etc/fstab file do the following.
-

azure-managed-lustre/blob-integration.md

@@ -4,8 +4,7 @@ description: Understand storage concepts for using Azure Blob storage with an Az
 ms.topic: conceptual
 author: pauljewellmsft
 ms.author: pauljewell
-ms.date: 05/30/2024
-ms.lastreviewed: 06/05/2023
+ms.date: 11/11/2024
 ms.reviewer: brianl
 
 # Intent: As an IT Pro, I want to be able to seamlessly use Azure Blob Storage for long-term storage of files in my Azure Managed Lustre file system.

azure-managed-lustre/configure-network-security-group.md

@@ -2,7 +2,7 @@
 title: Configure a network security group for Azure Managed Lustre file systems
 description: Configure network security group rules to allow Azure Managed Lustre file system support as part of a locked down, Zero Trust networking strategy. 
 ms.topic: how-to
-ms.date: 07/09/2024
+ms.date: 11/08/2024
 author: pauljewellmsft
 ms.author: pauljewell
 ms.reviewer: mayabishop
@@ -87,7 +87,7 @@ Add the following inbound rules to the network security group:
 | 112 | *rule-name* | Any | TCP | `AzureMonitor` | `VirtualNetwork` | Allow | Permit inbound flows from the AzureMonitor service tag. Allow TCP source port 443 only. |
 | 120 | *rule-name* | Any | Any | Any | Any | Deny | Deny all other inbound flows. |
 
-The inbound security rules in the Azure portal should look similar to the following screenshot. You should adjust the subnet IP address/CIDR range and other settings based on your deployment:
+The inbound security rules in the Azure portal should look similar to the following screenshot. The screenshot is provided as an example; consult the table for the complete list of rules. You should adjust the subnet IP address/CIDR range and other settings based on your deployment:
 
 :::image type="content" source="media/network-security-group/inbound-security-rules.png" alt-text="Screenshot showing inbound security rules for a network security group in the Azure portal." lightbox="media/network-security-group/inbound-security-rules.png":::
 
@@ -118,10 +118,11 @@ Add the following outbound rules to the network security group:
 | 109 | *rule-name* | 123 | UDP | *IP address/CIDR range for Azure Managed Lustre file system subnet* | 168.61.215.74/32 | Allow | Permit outbound flows to MS NTP server (168.61.215.74). UDP destination port 123 only. |
 | 110 | *rule-name* | 443 | TCP | `VirtualNetwork` | 20.34.120.0/21 | Allow | Permit outbound flows to Azure Managed Lustre telemetry (20.45.120.0/21). TCP destination port 443 only. |
 | 111 | *rule-name* | Any | Any | *IP address/CIDR range for Azure Managed Lustre file system subnet* | *IP address/CIDR range for Azure Managed Lustre file system subnet* | Allow | Permit protocol or port flows between hosts on the Azure Managed Lustre file system subnet. For example, the system uses TCP port 22 (SSH) for initial deployment and configuration. |
+| 112 | *rule-name* | 443 | TCP | `VirtualNetwork` | `EventHub` | Allow | Permits outbound flows to the `EventHub` service tag. TCP destination port 443 only. |
 | 1000 | *rule-name* | Any | Any | `VirtualNetwork` | `Internet` | Deny | Deny outbound flows to the internet. |
 | 1010 | *rule-name* | Any | Any | Any | Any | Deny | Deny all other outbound flows. |
 
-The outbound security rules in the Azure portal should look similar to the following screenshot. You should adjust the subnet IP address/CIDR range and other settings based on your deployment:
+The outbound security rules in the Azure portal should look similar to the following screenshot. The screenshot is provided as an example; consult the table for the complete list of rules. You should adjust the subnet IP address/CIDR range and other settings based on your deployment:
 
 :::image type="content" source="media/network-security-group/outbound-security-rules.png" alt-text="Screenshot showing outbound security rules for a network security group in the Azure portal." lightbox="media/network-security-group/outbound-security-rules.png":::